CVE-2011-4578

Severity

46%

Complexity

39%

Confidentiality

106%

event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.

event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

tedfelix acpid (aka acpid2)

First reported 12 years ago

2012-08-29 22:55:00

Last updated 11 years ago

2013-04-05 03:06:00

Affected Software

tedfelix acpid (aka acpid2) 2.0.0

2.0.0

tedfelix acpid (aka acpid2) 2.0.1

2.0.1

tedfelix acpid (aka acpid2) 2.0.2

2.0.2

tedfelix acpid (aka acpid2) 2.0.3

2.0.3

tedfelix acpid (aka acpid2) 2.0.4

2.0.4

tedfelix acpid (aka acpid2) 2.0.5

2.0.5

tedfelix acpid (aka acpid2) 2.0.6

2.0.6

tedfelix acpid (aka acpid2) 2.0.7

2.0.7

tedfelix acpid (aka acpid2) 2.0.8

2.0.8

tedfelix acpid (aka acpid2) 2.0.9

2.0.9

References

http://sourceforge.net/u/tedfelix/acpid2/ci/02d0bf29207f17996936ab652717855b15873901/tree/Changelog?force=True

MDVSA-2012:138

[oss-security] 20111206 Re: CVE request: acpid

https://bugs.launchpad.net/ubuntu/+source/acpid/+bug/893821

https://bugzilla.redhat.com/show_bug.cgi?id=760984

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.